Vulnerabilities > Atlassian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-13394 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions for Confluence The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | 6.5 |
| 2018-08-15 | CVE-2018-13393 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions for Confluence The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | 6.5 |
| 2018-08-13 | CVE-2018-13392 | Cross-site Scripting vulnerability in Atlassian Fisheye Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | 6.1 |
| 2018-08-10 | CVE-2018-13390 | Unspecified vulnerability in Atlassian Cloudtoken Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. low complexity atlassian | 6.1 |
| 2018-07-24 | CVE-2017-18104 | Information Exposure vulnerability in Atlassian Jira The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. | 5.9 |
| 2018-07-18 | CVE-2018-5232 | Cross-site Scripting vulnerability in Atlassian Jira The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. | 6.1 |
| 2018-07-18 | CVE-2017-18103 | Improper Input Validation vulnerability in Atlassian Http Library The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml. | 4.7 |
| 2018-07-16 | CVE-2018-5229 | Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | 5.4 |
| 2018-07-16 | CVE-2018-13387 | Cross-site Scripting vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | 6.1 |
| 2018-07-10 | CVE-2018-13389 | Improper Input Validation vulnerability in Atlassian Confluence The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml. | 4.7 |